Re: Linux security issues as they pertain to CVS
From: Derek R. Price
Subject: Re: Linux security issues as they pertain to CVS
Date: Tue, 29 May 2001 12:53:16 -0400

"Thornley, David" wrote:
> > -----Original Message-----
> > From: address@hidden [mailto:address@hidden
> > Sent: Friday, May 25, 2001 7:48 PM
> > To: Mark
> > Cc: CVS Mailing List
> > Subject: Re: Linux security issues as they pertain to CVS
> >
> >
> > The problem is that pserver cannot be made secure. Literally cannot.
> > It runs on a raw, insecure TCP circuit and is subject to all kinds of
> > man-in-the-middle attacks, connection hijacking, spoofing, etc.
> >
> Any problems with running pserver over an encrypted channel? It seems to
> me that would be just as secure as ssh access (and, of course, just as
> unsafe - the biggest potential security problems being the guys on both
> ends of the channel).

It depends on the encrypted channel implementation and SSH configuration...
SSH, I know, can be configured to change the encryption keys once an hour
and the like. I expect some of the channel encryptors are capable of
similar but I don't know the details.

Of course, SSH _could_ be granting shell access to users which is a separate
security issue.

And with both SSH and pserver, the security of the user's local file system
is a limitation since if the ~/.cvspass or the ~/.ssh/* secret keys are
compromised then so is your system. SSH does allow a password to encrypt
the secret key but there may be no way to guarantee that your users are
using that feature and it's possible that using that feature in a useful
manner is a challenge for some users.

Derek
--
Derek Price CVS Solutions Architect ( http://CVSHome.org )
mailto:address@hidden CollabNet ( http://collab.net )
--
I predict future happiness for Americans if they can prevent the government
from wasting the labors of the people under the pretense of taking care of
them.
- Thomas Jefferson
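
Added example (not part of the message above and not CVS or SSH project code): a local check for the two client-side secrets the message names, a ~/.cvspass file and private keys under ~/.ssh that have no passphrase. It assumes the key file formats OpenSSH writes (legacy PEM, PKCS#8, openssh-key-v1) and that CVS keeps the pserver password in .cvspass only trivially scrambled; `key_is_encrypted`, `audit_home` and `sample_openssh_key` are hypothetical names, and the sample key blob is constructed and contains no key material.

```python
import base64, os, stat

MAGIC = b"openssh-key-v1\x00"  # start of the decoded new-format OpenSSH key blob

def key_is_encrypted(text):
    """True/False for a private key file's text; None if it is not a private key."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines or not (lines[0].startswith("-----BEGIN ")
                         and lines[0].endswith("PRIVATE KEY-----")):
        return None
    if "ENCRYPTED" in lines[0]:              # PKCS#8: BEGIN ENCRYPTED PRIVATE KEY
        return True
    if "OPENSSH" in lines[0]:                # cipher name follows the magic string
        try:
            blob = base64.b64decode("".join(lines[1:-1]))
        except ValueError:
            return None
        if not blob.startswith(MAGIC):
            return None
        n = int.from_bytes(blob[len(MAGIC):len(MAGIC) + 4], "big")
        return blob[len(MAGIC) + 4:len(MAGIC) + 4 + n] != b"none"
    # Legacy PEM (RSA/DSA/EC): an encrypted key carries a Proc-Type header.
    return any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines[1:3])

def audit_home(home):
    """Return (relative path, finding) pairs for one home directory."""
    findings = []
    cvspass = os.path.join(home, ".cvspass")
    if os.path.isfile(cvspass):
        mode = stat.S_IMODE(os.stat(cvspass).st_mode)
        note = ", readable by group/other" if mode & 0o077 else ""
        findings.append((".cvspass", "scrambled pserver password on disk" + note))
    ssh_dir = os.path.join(home, ".ssh")
    names = sorted(os.listdir(ssh_dir)) if os.path.isdir(ssh_dir) else []
    for name in names:
        path = os.path.join(ssh_dir, name)
        if os.path.isfile(path):
            with open(path, errors="replace") as f:
                if key_is_encrypted(f.read(65536)) is False:
                    findings.append((".ssh/" + name, "private key has no passphrase"))
    return findings

def sample_openssh_key(cipher):
    """Constructed header-only blob (no key material) in the openssh-key-v1 layout."""
    blob = MAGIC + len(cipher).to_bytes(4, "big") + cipher + b"\x00" * 8
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(blob).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

if __name__ == "__main__":
    print(*audit_home(os.path.expanduser("~")), sep="\n")
```

The check only sees files on the machine where it runs, so it covers a client's own home directory, not keys held elsewhere.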